package com.beasts.ant.auth.config.oauth;

import com.beasts.ant.auth.config.oauth.filter.ValidateCodeFilter;
import com.beasts.ant.auth.config.oauth.handler.SelfAuthenticationEntryPoint;
import com.beasts.ant.auth.config.oauth.handler.SelfLogoutSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * oauth 资源配置
 *
 * @author Locker
 * @date 07/05/2018 10:33 AM
 * @since 1.0
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private AuthUrlsConfig authUrlsConfig;
    //
//    @Autowired
//    private OAuth2WebSecurityExpressionHandler expressionHandler;
//
//    @Autowired
//    private SelfAccessDeniedHandler accessDeniedHandler;
//
    @Autowired
    private ValidateCodeFilter validateCodeFilter;

    @Autowired
    private SelfAuthenticationEntryPoint authenticationEntryPoint;

    @Autowired
    private SelfLogoutSuccessHandler logoutSuccessHandler;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // 加入验证码
//        http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);

        // 允许使用iframe嵌套，避免swagger-ui不被加载的问题
        http.headers().frameOptions().disable();
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
        // 放行配置文件中指定的路径
        for (String url : authUrlsConfig.getAnon()) {
            registry.antMatchers(url).permitAll();
        }

        // TODO 全部请求查询权限
//        registry.anyRequest().access("@permissionService.hasPermission(req, authentication)");

        http.exceptionHandling()
                .authenticationEntryPoint(authenticationEntryPoint)
                // 自定义登出
                .and()
                .logout()
                .logoutUrl("/oauth/logout")
                .logoutSuccessHandler(logoutSuccessHandler)
                // 拦截全部除以上请求外的全部请求
                .and()
                .authorizeRequests().anyRequest().authenticated()
        ;

    }

//    @Override
//    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
//        resources.expressionHandler(expressionHandler);
//        resources.accessDeniedHandler(accessDeniedHandler);
//    }

    /**
     * 配置解决 spring-security-oauth问题
     * https://github.com/spring-projects/spring-security-oauth/issues/730
     */
//    @Bean
//    public OAuth2WebSecurityExpressionHandler oAuth2WebSecurityExpressionHandler(ApplicationContext context) {
//        OAuth2WebSecurityExpressionHandler expressionHandler = new OAuth2WebSecurityExpressionHandler();
//        expressionHandler.setApplicationContext(context);
//        return expressionHandler;
//    }

}
